diff options
Diffstat (limited to 'meta/recipes-extended/shadow/files')
10 files changed, 71 insertions, 601 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch deleted file mode 100644 index ab317b9aa0..0000000000 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ /dev/null @@ -1,123 +0,0 @@ -From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001 -From: Scott Garman <scott.a.garman@intel.com> -Date: Thu, 14 Apr 2016 12:28:57 +0200 -Subject: [PATCH] Disable use of syslog for sysroot - -Disable use of syslog to prevent sysroot user and group additions from -writing entries to the host's syslog. This patch should only be used -with the shadow-native recipe. - -Upstream-Status: Inappropriate [disable feature] - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - ---- - src/groupadd.c | 3 +++ - src/groupdel.c | 3 +++ - src/groupmems.c | 3 +++ - src/groupmod.c | 3 +++ - src/useradd.c | 3 +++ - src/userdel.c | 3 +++ - src/usermod.c | 3 +++ - 7 files changed, 21 insertions(+) - -diff --git a/src/groupadd.c b/src/groupadd.c -index 2dd8eec..e9c4bb7 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/groupdel.c b/src/groupdel.c -index f941a84..5a70056 100644 ---- a/src/groupdel.c -+++ b/src/groupdel.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <grp.h> -diff --git a/src/groupmems.c b/src/groupmems.c -index fc91c8b..2842514 100644 ---- a/src/groupmems.c -+++ b/src/groupmems.c -@@ -32,6 +32,9 @@ - - #include <config.h> - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <fcntl.h> - #include <getopt.h> - #include <grp.h> -diff --git a/src/groupmod.c b/src/groupmod.c -index 1dca5fc..bc14438 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <ctype.h> - #include <fcntl.h> - #include <getopt.h> -diff --git a/src/useradd.c b/src/useradd.c -index 4af0f7c..1b7bf06 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <ctype.h> - #include <errno.h> -diff --git a/src/userdel.c b/src/userdel.c -index cc951e5..153e0be 100644 ---- a/src/userdel.c -+++ b/src/userdel.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <errno.h> - #include <fcntl.h> -diff --git a/src/usermod.c b/src/usermod.c -index 05b9871..21c6da9 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -34,6 +34,9 @@ - - #ident "$Id$" - -+/* Disable use of syslog since we're running this command against a sysroot */ -+#undef USE_SYSLOG -+ - #include <assert.h> - #include <ctype.h> - #include <errno.h> diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch deleted file mode 100644 index c6332e4f76..0000000000 --- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch +++ /dev/null @@ -1,301 +0,0 @@ -From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001 -From: Chen Qi <Qi.Chen@windriver.com> -Date: Sat, 16 Nov 2013 15:27:47 +0800 -Subject: [PATCH] Allow for setting password in clear text - -Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - ---- - src/Makefile.am | 8 ++++---- - src/groupadd.c | 20 +++++++++++++++----- - src/groupmod.c | 20 +++++++++++++++----- - src/useradd.c | 21 +++++++++++++++------ - src/usermod.c | 20 +++++++++++++++----- - 5 files changed, 64 insertions(+), 25 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index f31fd7a..4a317a3 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) - expiry_LDADD = $(LDADD) $(LIBECONF) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT) - grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) - grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) - grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -@@ -127,9 +127,9 @@ su_SOURCES = \ - suauth.c - su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) - sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) - userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) - vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) - - install-am: all-am -diff --git a/src/groupadd.c b/src/groupadd.c -index e9c4bb7..d572c00 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" - " (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -- (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout); -+ (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout); - (void) fputs ("\n", usageout); - exit (status); - } -@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv) - {"key", required_argument, NULL, 'K'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, -- {"prefix", required_argument, NULL, 'P'}, -+ {"prefix", required_argument, NULL, 'A'}, - {NULL, 0, NULL, '\0'} - }; - -- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:", -+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:", - long_options, NULL)) != -1) { - switch (c) { - case 'f': -@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv) - pflg = true; - group_passwd = optarg; - break; -+ case 'P': -+ pflg = true; -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; - case 'R': /* no-op, handled in process_root_flag () */ - break; -- case 'P': /* no-op, handled in process_prefix_flag () */ -+ case 'A': /* no-op, handled in process_prefix_flag () */ -+ fprintf (stderr, -+ _("%s: -A is deliberately not supported \n"), -+ Prog); -+ exit (E_BAD_ARG); - break; - default: - usage (E_USAGE); -@@ -588,7 +598,7 @@ int main (int argc, char **argv) - (void) textdomain (PACKAGE); - - process_root_flag ("-R", argc, argv); -- prefix = process_prefix_flag ("-P", argc, argv); -+ prefix = process_prefix_flag ("-A", argc, argv); - - OPENLOG ("groupadd"); - #ifdef WITH_AUDIT -diff --git a/src/groupmod.c b/src/groupmod.c -index bc14438..25ccb44 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -138,8 +138,9 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" - " PASSWORD\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); -+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); - (void) fputs ("\n", usageout); - exit (status); - } -@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv) - {"new-name", required_argument, NULL, 'n'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, -- {"prefix", required_argument, NULL, 'P'}, -+ {"prefix", required_argument, NULL, 'A'}, - {NULL, 0, NULL, '\0'} - }; -- while ((c = getopt_long (argc, argv, "g:hn:op:R:P:", -+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:", - long_options, NULL)) != -1) { - switch (c) { - case 'g': -@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv) - group_passwd = optarg; - pflg = true; - break; -+ case 'P': -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; -- case 'P': /* no-op, handled in process_prefix_flag () */ -+ case 'A': /* no-op, handled in process_prefix_flag () */ -+ fprintf (stderr, -+ _("%s: -A is deliberately not supported \n"), -+ Prog); -+ exit (E_BAD_ARG); - break; - default: - usage (E_USAGE); -@@ -761,7 +771,7 @@ int main (int argc, char **argv) - (void) textdomain (PACKAGE); - - process_root_flag ("-R", argc, argv); -- prefix = process_prefix_flag ("-P", argc, argv); -+ prefix = process_prefix_flag ("-A", argc, argv); - - OPENLOG ("groupmod"); - #ifdef WITH_AUDIT -diff --git a/src/useradd.c b/src/useradd.c -index 1b7bf06..44f09e2 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -853,9 +853,10 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" - " (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); -+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); - (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); - (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout); - (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout); -@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv) - {"no-user-group", no_argument, NULL, 'N'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, -- {"prefix", required_argument, NULL, 'P'}, -+ {"prefix", required_argument, NULL, 'A'}, - {"shell", required_argument, NULL, 's'}, - {"uid", required_argument, NULL, 'u'}, - {"user-group", no_argument, NULL, 'U'}, -@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv) - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv) - } - user_pass = optarg; - break; -+ case 'P': /* set clear text password */ -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; - case 'R': /* no-op, handled in process_root_flag () */ - break; -- case 'P': /* no-op, handled in process_prefix_flag () */ -+ case 'A': /* no-op, handled in process_prefix_flag () */ -+ fprintf (stderr, -+ _("%s: -A is deliberately not supported \n"), -+ Prog); -+ exit (E_BAD_ARG); - break; - case 's': - if ( ( !VALID (optarg) ) -@@ -2257,7 +2266,7 @@ int main (int argc, char **argv) - - process_root_flag ("-R", argc, argv); - -- prefix = process_prefix_flag("-P", argc, argv); -+ prefix = process_prefix_flag("-A", argc, argv); - - OPENLOG ("useradd"); - #ifdef WITH_AUDIT -diff --git a/src/usermod.c b/src/usermod.c -index 21c6da9..cffdb3e 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status) - " new location (use only with -d)\n"), usageout); - (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); -- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); -+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); - (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); - (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); - (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); -@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv) - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, -- {"prefix", required_argument, NULL, 'P'}, -+ {"prefix", required_argument, NULL, 'A'}, - {"shell", required_argument, NULL, 's'}, - {"uid", required_argument, NULL, 'u'}, - {"unlock", no_argument, NULL, 'U'}, -@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv) - {NULL, 0, NULL, '\0'} - }; - while ((c = getopt_long (argc, argv, -- "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:" -+ "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" - #ifdef ENABLE_SUBIDS - "v:w:V:W:" - #endif /* ENABLE_SUBIDS */ -@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv) - user_pass = optarg; - pflg = true; - break; -+ case 'P': -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; -- case 'P': /* no-op, handled in process_prefix_flag () */ -+ case 'A': /* no-op, handled in process_prefix_flag () */ -+ fprintf (stderr, -+ _("%s: -A is deliberately not supported \n"), -+ Prog); -+ exit (E_BAD_ARG); - break; - case 's': - if (!VALID (optarg)) { -@@ -2127,7 +2137,7 @@ int main (int argc, char **argv) - (void) textdomain (PACKAGE); - - process_root_flag ("-R", argc, argv); -- prefix = process_prefix_flag ("-P", argc, argv); -+ prefix = process_prefix_flag ("-A", argc, argv); - - OPENLOG ("usermod"); - #ifdef WITH_AUDIT diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 9825216369..cd99aad135 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,4 +1,4 @@ -From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001 +From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001 From: Chen Qi <Qi.Chen@windriver.com> Date: Thu, 17 Jul 2014 15:53:34 +0800 Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env @@ -15,32 +15,31 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - --- lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index 16fa7e7..d6bc297 100644 +index 01a26c9..82b2868 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; - fd = open (db->filename, - (db->readonly ? O_RDONLY : O_RDWR) -- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); +- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); - saved_errno = errno; + if (db->readonly) { + fd = open (db->filename, + (true ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC); + saved_errno = errno; + } else { + fd = open (db->filename, + (false ? O_RDONLY : O_RDWR) -+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); ++ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC); + saved_errno = errno; + } + diff --git a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot index 8a68dd341a..09df77d2e7 100644 --- a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot +++ b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0 # # /etc/login.defs - Configuration control definitions for the shadow package. # diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login index b340058539..d39e09b1ea 100644 --- a/meta/recipes-extended/shadow/files/pam.d/login +++ b/meta/recipes-extended/shadow/files/pam.d/login @@ -57,10 +57,6 @@ auth optional pam_group.so # (Replaces the use of /etc/limits in old login) session required pam_limits.so -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - # Prints the motd upon succesful login # (Replaces the `MOTD_FILE' option in login.defs) session optional pam_motd.so diff --git a/meta/recipes-extended/shadow/files/securetty b/meta/recipes-extended/shadow/files/securetty index 2be341a216..820728faa6 100644 --- a/meta/recipes-extended/shadow/files/securetty +++ b/meta/recipes-extended/shadow/files/securetty @@ -7,6 +7,7 @@ ttyS0 ttyS1 ttyS2 ttyS3 +ttyS4 # ARM AMBA SoCs ttyAM0 diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch deleted file mode 100644 index a7bb0a9290..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch +++ /dev/null @@ -1,27 +0,0 @@ -# commit message copied from openembedded: -# commit 246c80637b135f3a113d319b163422f98174ee6c -# Author: Khem Raj <raj.khem@gmail.com> -# Date: Wed Jun 9 13:37:03 2010 -0700 -# -# shadow-4.1.4.2: Add patches to support dots in login id. -# -# Signed-off-by: Khem Raj <raj.khem@gmail.com> -# -# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11 - -Upstream-Status: Pending - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -Index: shadow-4.1.4.2/libmisc/chkname.c -=================================================================== ---- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700 -+++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700 -@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n - ( ('0' <= *name) && ('9' >= *name) ) || - ('_' == *name) || - ('-' == *name) || -+ ('.' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) - )) { - return false; diff --git a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch deleted file mode 100644 index cc833362e9..0000000000 --- a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch +++ /dev/null @@ -1,111 +0,0 @@ -From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001 -From: Shan Hai <shan.hai@windriver.com> -Date: Tue, 13 Sep 2016 13:45:46 +0800 -Subject: [PATCH] shadow: use relaxed usernames - -The groupadd from shadow does not allow upper case group names, the -same is true for the upstream shadow. But distributions like -Debian/Ubuntu/CentOS has their own way to cope with this problem, -this patch is picked up from CentOS release 7.0 to relax the usernames -restrictions to allow the upper case group names, and the relaxation is -POSIX compliant because POSIX indicate that usernames are composed of -characters from the portable filename character set [A-Za-z0-9._-]. - -Upstream-Status: Pending - -Signed-off-by: Shan Hai <shan.hai@windriver.com> - ---- - libmisc/chkname.c | 30 ++++++++++++++++++------------ - man/groupadd.8.xml | 6 ------ - man/useradd.8.xml | 8 +------- - 3 files changed, 19 insertions(+), 25 deletions(-) - -diff --git a/libmisc/chkname.c b/libmisc/chkname.c -index 90f185c..65762b4 100644 ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name) - } - - /* -- * User/group names must match [a-z_][a-z0-9_-]*[$] -- */ -- -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { -+ * User/group names must match gnu e-regex: -+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? -+ * -+ * as a non-POSIX, extension, allow "$" as the last char for -+ * sake of Samba 3.x "add machine script" -+ */ -+ if ( ('\0' == *name) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') -+ )) { - return false; - } - - while ('\0' != *++name) { -- if (!(( ('a' <= *name) && ('z' >= *name) ) || -- ( ('0' <= *name) && ('9' >= *name) ) || -- ('_' == *name) || -- ('-' == *name) || -- ('.' == *name) || -- ( ('$' == *name) && ('\0' == *(name + 1)) ) -- )) { -+ if (!( (*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ (*name == '_') || (*name == '.') || (*name == '-') || -+ (*name == '$' && *(name + 1) == '\0') -+ )) { - return false; - } - } -diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml -index 1e58f09..d804b61 100644 ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -272,12 +272,6 @@ - - <refsect1 id='caveats'> - <title>CAVEATS</title> -- <para> -- Groupnames must start with a lower case letter or an underscore, -- followed by lower case letters, digits, underscores, or dashes. -- They can end with a dollar sign. -- In regular expression terms: [a-z_][a-z0-9_-]*[$]? -- </para> - <para> - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - </para> -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index a16d730..c0bd777 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -366,7 +366,7 @@ - </term> - <listitem> - <para> -- Do no create the user's home directory, even if the system -+ Do not create the user's home directory, even if the system - wide setting from <filename>/etc/login.defs</filename> - (<option>CREATE_HOME</option>) is set to - <replaceable>yes</replaceable>. -@@ -660,12 +660,6 @@ - the user account creation request. - </para> - -- <para> -- Usernames must start with a lower case letter or an underscore, -- followed by lower case letters, digits, underscores, or dashes. -- They can end with a dollar sign. -- In regular expression terms: [a-z_][a-z0-9_-]*[$]? -- </para> - <para> - Usernames may only be up to 32 characters long. - </para> diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch index 15f8044fa2..1eacb8a53f 100644 --- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch +++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch @@ -1,88 +1,115 @@ +From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001 +From: Kang Kai <kai.kang@windriver.com> +Date: Wed, 20 Jul 2011 19:18:14 +0800 +Subject: [PATCH] shadow: update pam related configure files + The system-auth in the configure files is from Fedora which put all the 4 pam type rules in one file. In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, common-password and common-session. So update them with oe way. -Upstream-Status: Pending +See meta/recipes-extended/pam/libpam/pam.d/common-password + +Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Kang Kai <kai.kang@windriver.com> +--- + etc/pam.d/chage | 2 +- + etc/pam.d/chgpasswd | 2 +- + etc/pam.d/groupadd | 2 +- + etc/pam.d/groupdel | 2 +- + etc/pam.d/groupmems | 2 +- + etc/pam.d/groupmod | 2 +- + etc/pam.d/useradd | 2 +- + etc/pam.d/userdel | 2 +- + etc/pam.d/usermod | 2 +- + 9 files changed, 9 insertions(+), 9 deletions(-) -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage ---- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 +diff --git a/etc/pam.d/chage b/etc/pam.d/chage +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/chage ++++ b/etc/pam.d/chage @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd ---- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 +diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/chgpasswd ++++ b/etc/pam.d/chgpasswd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd ---- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 +diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupadd ++++ b/etc/pam.d/groupadd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel ---- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 +diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupdel ++++ b/etc/pam.d/groupdel @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems ---- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 +diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupmems ++++ b/etc/pam.d/groupmems @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod ---- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 +diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/groupmod ++++ b/etc/pam.d/groupmod @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd ---- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 +diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/useradd ++++ b/etc/pam.d/useradd @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel ---- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 +diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/userdel ++++ b/etc/pam.d/userdel @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so account required pam_permit.so -password include system-auth +password include common-password -diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod ---- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 -+++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 +diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod +index 8f49f5c..b1f365d 100644 +--- a/etc/pam.d/usermod ++++ b/etc/pam.d/usermod @@ -1,4 +1,4 @@ #%PAM-1.0 auth sufficient pam_rootok.so diff --git a/meta/recipes-extended/shadow/files/useradd b/meta/recipes-extended/shadow/files/useradd new file mode 100644 index 0000000000..782aeef418 --- /dev/null +++ b/meta/recipes-extended/shadow/files/useradd @@ -0,0 +1,8 @@ +# useradd defaults file +GROUP=100 +HOME=/home +INACTIVE=-1 +EXPIRE= +SHELL=/bin/sh +SKEL=/etc/skel +CREATE_MAIL_SPOOL=no |